From 7ef1e1ef9d4aeedf555accf797f3ecf98b16117d Mon Sep 17 00:00:00 2001
From: Aivars Sterns <Atoms@users.noreply.github.com>
Date: Wed, 18 Oct 2017 13:44:32 +0300
Subject: [PATCH] update terraform, fix deprecated values add default_tags, fix
 ansible inventory (#1821)

---
 .gitignore                                    |  1 +
 .../terraform/aws/create-infrastructure.tf    | 52 +++++++++----------
 contrib/terraform/aws/modules/elb/main.tf     | 12 ++---
 .../terraform/aws/modules/elb/variables.tf    |  5 ++
 contrib/terraform/aws/modules/iam/main.tf     |  4 +-
 contrib/terraform/aws/modules/vpc/main.tf     | 47 +++++++++--------
 contrib/terraform/aws/modules/vpc/outputs.tf  |  5 ++
 .../terraform/aws/modules/vpc/variables.tf    |  5 ++
 contrib/terraform/aws/output.tf               |  4 ++
 contrib/terraform/aws/templates/inventory.tpl |  1 +
 contrib/terraform/aws/terraform.tfvars        |  5 ++
 contrib/terraform/aws/variables.tf            |  5 ++
 12 files changed, 90 insertions(+), 56 deletions(-)

diff --git a/.gitignore b/.gitignore
index 4791280e9..66c9b4867 100644
--- a/.gitignore
+++ b/.gitignore
@@ -10,6 +10,7 @@ temp
 *.bak
 *.tfstate
 *.tfstate.backup
+contrib/terraform/aws/credentials.tfvars
 **/*.sw[pon]
 /ssh-bastion.conf
 **/*.sw[pon]
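Review bot: The added `contrib/terraform/aws/credentials.tfvars` entry matches that one path only, so a credentials file kept in a copy of the directory or under another Terraform tree would still be picked up by `git add`. A basename pattern such as `credentials.tfvars`, or `**/credentials.tfvars` in the style of the `**/*.sw[pon]` lines already here, covers every location. An ignore rule has no effect on a file that is already tracked, so it is worth confirming that no credentials.tfvars was committed before this change.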
diff --git a/contrib/terraform/aws/create-infrastructure.tf b/contrib/terraform/aws/create-infrastructure.tf
index 04c5a8881..c332ea9bc 100644
--- a/contrib/terraform/aws/create-infrastructure.tf
+++ b/contrib/terraform/aws/create-infrastructure.tf
@@ -19,9 +19,9 @@ module "aws-vpc" {
   aws_cluster_name = "${var.aws_cluster_name}"
   aws_vpc_cidr_block = "${var.aws_vpc_cidr_block}"
   aws_avail_zones="${var.aws_avail_zones}"
-
   aws_cidr_subnets_private="${var.aws_cidr_subnets_private}"
   aws_cidr_subnets_public="${var.aws_cidr_subnets_public}"
+  default_tags="${var.default_tags}"
 
 }
 
@@ -35,6 +35,7 @@ module "aws-elb" {
   aws_subnet_ids_public="${module.aws-vpc.aws_subnet_ids_public}"
   aws_elb_api_port = "${var.aws_elb_api_port}"
   k8s_secure_api_port = "${var.k8s_secure_api_port}"
+  default_tags="${var.default_tags}"
 
 }
 
@@ -61,11 +62,11 @@ resource "aws_instance" "bastion-server" {
 
     key_name = "${var.AWS_SSH_KEY_NAME}"
 
-    tags {
-        Name = "kubernetes-${var.aws_cluster_name}-bastion-${count.index}"
-        Cluster = "${var.aws_cluster_name}"
-        Role = "bastion-${var.aws_cluster_name}-${count.index}"
-    }
+    tags = "${merge(var.default_tags, map(
+      "Name", "kubernetes-${var.aws_cluster_name}-bastion-${count.index}",
+      "Cluster", "${var.aws_cluster_name}",
+      "Role", "bastion-${var.aws_cluster_name}-${count.index}"
+    ))}"
 }
 
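Review bot: The new `tags = "${merge(var.default_tags, map(...))}"` on the bastion instance depends on argument order, and nothing in the file records why. `merge` lets the later map win, so the resource-specific `Name`, `Cluster` and `Role` override any same-named key a user puts in `default_tags`. That matters because the inventory template further down builds host names from `aws_instance.*.tags.Name`. A comment above the attribute would protect the ordering, for example `# default_tags first: Name/Cluster/Role below must win, the Ansible inventory is built from tags.Name`. The same applies to the k8s-master, k8s-etcd and k8s-worker hunks that follow; the resource bodies start outside these hunks.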
 
@@ -92,11 +93,11 @@ resource "aws_instance" "k8s-master" {
     key_name = "${var.AWS_SSH_KEY_NAME}"
 
 
-    tags {
-        Name = "kubernetes-${var.aws_cluster_name}-master${count.index}"
-        Cluster = "${var.aws_cluster_name}"
-        Role = "master"
-    }
+    tags = "${merge(var.default_tags, map(
+      "Name", "kubernetes-${var.aws_cluster_name}-master${count.index}",
+      "Cluster", "${var.aws_cluster_name}",
+      "Role", "master"
+    ))}"
 }
 
 resource "aws_elb_attachment" "attach_master_nodes" {
@@ -121,12 +122,11 @@ resource "aws_instance" "k8s-etcd" {
 
     key_name = "${var.AWS_SSH_KEY_NAME}"
 
-
-    tags {
-        Name = "kubernetes-${var.aws_cluster_name}-etcd${count.index}"
-        Cluster = "${var.aws_cluster_name}"
-        Role = "etcd"
-    }
+    tags = "${merge(var.default_tags, map(
+      "Name", "kubernetes-${var.aws_cluster_name}-etcd${count.index}",
+      "Cluster", "${var.aws_cluster_name}",
+      "Role", "etcd"
+    ))}"
 
 }
 
@@ -146,11 +146,11 @@ resource "aws_instance" "k8s-worker" {
     key_name = "${var.AWS_SSH_KEY_NAME}"
 
 
-    tags {
-        Name = "kubernetes-${var.aws_cluster_name}-worker${count.index}"
-        Cluster = "${var.aws_cluster_name}"
-        Role = "worker"
-    }
+    tags = "${merge(var.default_tags, map(
+      "Name", "kubernetes-${var.aws_cluster_name}-worker${count.index}",
+      "Cluster", "${var.aws_cluster_name}",
+      "Role", "worker"
+    ))}"
 
 }
 
@@ -164,10 +164,10 @@ data "template_file" "inventory" {
     template = "${file("${path.module}/templates/inventory.tpl")}"
   
     vars {
-        public_ip_address_bastion = "${join("\n",formatlist("bastion ansible_ssh_host=%s" , aws_instance.bastion-server.*.public_ip))}"
-        connection_strings_master = "${join("\n",formatlist("%s ansible_ssh_host=%s",aws_instance.k8s-master.*.tags.Name, aws_instance.k8s-master.*.private_ip))}"
-        connection_strings_node = "${join("\n", formatlist("%s ansible_ssh_host=%s", aws_instance.k8s-worker.*.tags.Name, aws_instance.k8s-worker.*.private_ip))}"
-        connection_strings_etcd = "${join("\n",formatlist("%s ansible_ssh_host=%s", aws_instance.k8s-etcd.*.tags.Name, aws_instance.k8s-etcd.*.private_ip))}"
+        public_ip_address_bastion = "${join("\n",formatlist("bastion ansible_host=%s" , aws_instance.bastion-server.*.public_ip))}"
+        connection_strings_master = "${join("\n",formatlist("%s ansible_host=%s",aws_instance.k8s-master.*.tags.Name, aws_instance.k8s-master.*.private_ip))}"
+        connection_strings_node = "${join("\n", formatlist("%s ansible_host=%s", aws_instance.k8s-worker.*.tags.Name, aws_instance.k8s-worker.*.private_ip))}"
+        connection_strings_etcd = "${join("\n",formatlist("%s ansible_host=%s", aws_instance.k8s-etcd.*.tags.Name, aws_instance.k8s-etcd.*.private_ip))}"
         list_master = "${join("\n",aws_instance.k8s-master.*.tags.Name)}"
         list_node = "${join("\n",aws_instance.k8s-worker.*.tags.Name)}"
         list_etcd = "${join("\n",aws_instance.k8s-etcd.*.tags.Name)}"
diff --git a/contrib/terraform/aws/modules/elb/main.tf b/contrib/terraform/aws/modules/elb/main.tf
index 6a0cdfe3d..991e7be42 100644
--- a/contrib/terraform/aws/modules/elb/main.tf
+++ b/contrib/terraform/aws/modules/elb/main.tf
@@ -2,9 +2,9 @@ resource "aws_security_group" "aws-elb" {
     name = "kubernetes-${var.aws_cluster_name}-securitygroup-elb"
     vpc_id = "${var.aws_vpc_id}"
 
-    tags {
-        Name = "kubernetes-${var.aws_cluster_name}-securitygroup-elb"
-    }
+    tags = "${merge(var.default_tags, map(
+      "Name", "kubernetes-${var.aws_cluster_name}-securitygroup-elb"
+    ))}"
 }
 
 
@@ -52,7 +52,7 @@ resource "aws_elb" "aws-elb-api" {
   connection_draining = true
   connection_draining_timeout = 400
 
-  tags {
-    Name = "kubernetes-${var.aws_cluster_name}-elb-api"
-  }
+  tags = "${merge(var.default_tags, map(
+    "Name", "kubernetes-${var.aws_cluster_name}-elb-api"
+  ))}"
 }
diff --git a/contrib/terraform/aws/modules/elb/variables.tf b/contrib/terraform/aws/modules/elb/variables.tf
index c7f86847d..1ed9edd40 100644
--- a/contrib/terraform/aws/modules/elb/variables.tf
+++ b/contrib/terraform/aws/modules/elb/variables.tf
@@ -26,3 +26,8 @@ variable "aws_subnet_ids_public" {
     description = "IDs of Public Subnets"
     type = "list"
 }
+
+variable "default_tags" {
+    description = "Tags for all resources"
+    type = "map"
+}
diff --git a/contrib/terraform/aws/modules/iam/main.tf b/contrib/terraform/aws/modules/iam/main.tf
index 88da00d90..7818d7b0f 100644
--- a/contrib/terraform/aws/modules/iam/main.tf
+++ b/contrib/terraform/aws/modules/iam/main.tf
@@ -129,10 +129,10 @@ EOF
 
 resource "aws_iam_instance_profile" "kube-master" {
     name = "kube_${var.aws_cluster_name}_master_profile"
-    roles = ["${aws_iam_role.kube-master.name}"]
+    role = "${aws_iam_role.kube-master.name}"
 }
 
 resource "aws_iam_instance_profile" "kube-worker" {
     name = "kube_${var.aws_cluster_name}_node_profile"
-    roles = ["${aws_iam_role.kube-worker.name}"]
+    role = "${aws_iam_role.kube-worker.name}"
 }
diff --git a/contrib/terraform/aws/modules/vpc/main.tf b/contrib/terraform/aws/modules/vpc/main.tf
index 44fc4c357..4ab078f0f 100644
--- a/contrib/terraform/aws/modules/vpc/main.tf
+++ b/contrib/terraform/aws/modules/vpc/main.tf
@@ -6,9 +6,9 @@ resource "aws_vpc" "cluster-vpc" {
     enable_dns_support = true
     enable_dns_hostnames = true
 
-    tags {
-        Name = "kubernetes-${var.aws_cluster_name}-vpc"
-    }
+    tags = "${merge(var.default_tags, map(
+      "Name", "kubernetes-${var.aws_cluster_name}-vpc"
+    ))}"
 }
 
 
@@ -18,13 +18,13 @@ resource "aws_eip" "cluster-nat-eip" {
 }
 
 
-
 resource "aws_internet_gateway" "cluster-vpc-internetgw" {
   vpc_id = "${aws_vpc.cluster-vpc.id}"
 
-  tags {
-      Name = "kubernetes-${var.aws_cluster_name}-internetgw"
-  }
+
+  tags = "${merge(var.default_tags, map(
+    "Name", "kubernetes-${var.aws_cluster_name}-internetgw"
+  ))}"
 }
 
 resource "aws_subnet" "cluster-vpc-subnets-public" {
@@ -33,9 +33,9 @@ resource "aws_subnet" "cluster-vpc-subnets-public" {
     availability_zone = "${element(var.aws_avail_zones, count.index)}"
     cidr_block = "${element(var.aws_cidr_subnets_public, count.index)}"
 
-    tags {
-        Name = "kubernetes-${var.aws_cluster_name}-${element(var.aws_avail_zones, count.index)}-public"
-    }
+    tags = "${merge(var.default_tags, map(
+      "Name", "kubernetes-${var.aws_cluster_name}-${element(var.aws_avail_zones, count.index)}-public"
+    ))}"
 }
 
 resource "aws_nat_gateway" "cluster-nat-gateway" {
@@ -51,9 +51,9 @@ resource "aws_subnet" "cluster-vpc-subnets-private" {
     availability_zone = "${element(var.aws_avail_zones, count.index)}"
     cidr_block = "${element(var.aws_cidr_subnets_private, count.index)}"
 
-    tags {
-        Name = "kubernetes-${var.aws_cluster_name}-${element(var.aws_avail_zones, count.index)}-private"
-    }
+    tags = "${merge(var.default_tags, map(
+      "Name", "kubernetes-${var.aws_cluster_name}-${element(var.aws_avail_zones, count.index)}-private"
+    ))}"
 }
 
 #Routing in VPC
@@ -66,9 +66,10 @@ resource "aws_route_table" "kubernetes-public" {
         cidr_block = "0.0.0.0/0"
         gateway_id = "${aws_internet_gateway.cluster-vpc-internetgw.id}"
     }
-    tags {
-        Name = "kubernetes-${var.aws_cluster_name}-routetable-public"
-    }
+
+    tags = "${merge(var.default_tags, map(
+      "Name", "kubernetes-${var.aws_cluster_name}-routetable-public"
+    ))}"
 }
 
 resource "aws_route_table" "kubernetes-private" {
@@ -78,9 +79,11 @@ resource "aws_route_table" "kubernetes-private" {
         cidr_block = "0.0.0.0/0"
         nat_gateway_id = "${element(aws_nat_gateway.cluster-nat-gateway.*.id, count.index)}"
     }
-    tags {
-        Name = "kubernetes-${var.aws_cluster_name}-routetable-private-${count.index}"
-    }
+
+    tags = "${merge(var.default_tags, map(
+      "Name", "kubernetes-${var.aws_cluster_name}-routetable-private-${count.index}"
+    ))}"
+
 }
 
 resource "aws_route_table_association" "kubernetes-public" {
@@ -104,9 +107,9 @@ resource "aws_security_group" "kubernetes" {
     name = "kubernetes-${var.aws_cluster_name}-securitygroup"
     vpc_id = "${aws_vpc.cluster-vpc.id}"
 
-    tags {
-        Name = "kubernetes-${var.aws_cluster_name}-securitygroup"
-    }
+    tags = "${merge(var.default_tags, map(
+      "Name", "kubernetes-${var.aws_cluster_name}-securitygroup"
+    ))}"
 }
 
 resource "aws_security_group_rule" "allow-all-ingress" {
diff --git a/contrib/terraform/aws/modules/vpc/outputs.tf b/contrib/terraform/aws/modules/vpc/outputs.tf
index 950462a48..2bb4bf309 100644
--- a/contrib/terraform/aws/modules/vpc/outputs.tf
+++ b/contrib/terraform/aws/modules/vpc/outputs.tf
@@ -14,3 +14,8 @@ output "aws_security_group" {
     value = ["${aws_security_group.kubernetes.*.id}"]
 
 }
+
+output "default_tags" {
+    value = "${default_tags}"
+
+}
\ No newline at end of file
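Review bot: The added output uses `value = "${default_tags}"`, which lacks the `var.` prefix and so does not refer to the `default_tags` variable this commit declares in modules/vpc/variables.tf. A bare name is not a valid variable reference in this interpolation syntax, so the configuration should fail validation or plan; the line should read `value = "${var.default_tags}"`. The identical line is added to contrib/terraform/aws/output.tf and needs the same fix. Both files also now end without a trailing newline.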
diff --git a/contrib/terraform/aws/modules/vpc/variables.tf b/contrib/terraform/aws/modules/vpc/variables.tf
index 55adf2be3..b6295cbb9 100644
--- a/contrib/terraform/aws/modules/vpc/variables.tf
+++ b/contrib/terraform/aws/modules/vpc/variables.tf
@@ -22,3 +22,8 @@ variable "aws_cidr_subnets_public" {
   description = "CIDR Blocks for public subnets in Availability zones"
   type    = "list"
 }
+
+variable "default_tags" {
+  description = "Default tags for all resources"
+  type = "map"
+}
diff --git a/contrib/terraform/aws/output.tf b/contrib/terraform/aws/output.tf
index fabc0d218..8819b4558 100644
--- a/contrib/terraform/aws/output.tf
+++ b/contrib/terraform/aws/output.tf
@@ -22,3 +22,7 @@ output "aws_elb_api_fqdn" {
 output "inventory" {
     value = "${data.template_file.inventory.rendered}"
 }
+
+output "default_tags" {
+    value = "${default_tags}"
+}
\ No newline at end of file
diff --git a/contrib/terraform/aws/templates/inventory.tpl b/contrib/terraform/aws/templates/inventory.tpl
index dd8126002..0e64902b1 100644
--- a/contrib/terraform/aws/templates/inventory.tpl
+++ b/contrib/terraform/aws/templates/inventory.tpl
@@ -1,3 +1,4 @@
+[all]
 ${connection_strings_master}
 ${connection_strings_node}
 ${connection_strings_etcd}
diff --git a/contrib/terraform/aws/terraform.tfvars b/contrib/terraform/aws/terraform.tfvars
index bc83a719d..c0e179a49 100644
--- a/contrib/terraform/aws/terraform.tfvars
+++ b/contrib/terraform/aws/terraform.tfvars
@@ -30,3 +30,8 @@ aws_cluster_ami = "ami-db56b9a3"
 aws_elb_api_port = 6443
 k8s_secure_api_port = 6443
 kube_insecure_apiserver_address = "0.0.0.0"
+
+default_tags = {
+#  Env = "devtest"
+#  Product = "kubernetes"
+}
diff --git a/contrib/terraform/aws/variables.tf b/contrib/terraform/aws/variables.tf
index c7c65c772..0e8509686 100644
--- a/contrib/terraform/aws/variables.tf
+++ b/contrib/terraform/aws/variables.tf
@@ -99,3 +99,8 @@ variable "k8s_secure_api_port" {
 variable "loadbalancer_apiserver_address" {
     description= "Bind Address for ELB of K8s API Server"
 }
+
+variable "default_tags" {
+  description = "Default tags for all resources"
+  type = "map"
+}
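Review bot: The new root-level `default_tags` variable has no default, so it becomes a required input. Anyone applying with their own variables file instead of the terraform.tfvars updated in this commit will be prompted for it or fail until they add it. Adding `default = {}` inside the block keeps existing setups working and makes `merge(var.default_tags, ...)` a no-op when no extra tags are wanted. The matching declarations in modules/elb/variables.tf and modules/vpc/variables.tf are always set by the root module in this commit, so they are less affected.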
-- 
GitLab